Resources
- How Modern Cars Can Be Cracked – autosec.org
- SOURCE Barcelona Resources from September 2011 – sourceconference.com
Links, articles, and media from the event.
- OSCP-My Review – proactivedefender.blogspot.com
The OSCP certification is an offensive security course which teaches the attacking side of Information Security and is largely aimed at those wanting to become penetration testers. My personal motivation for taking the course and exam was to better understand the methodology, tools and techniques that attackers employ to breach networks and systems.
Tools
- hashcat-gui v0.5.0 – hashcat.net/hashcat-gui/
- p0f is back! – lcamtuf.coredump.cx/p0f3/
Version 3 is a complete rewrite, bringing you much improved SYN and SYN+ACK fingerprinting capabilities, auto-calibrated uptime measurements, completely redone databases and signatures, new API design, IPv6 support (who knows, maybe it even works?), stateful traffic inspection with thorough cross-correlation of collected data, application-level fingerprinting modules (for HTTP now, more to come), and a lot more.
- Large Scale Pcap Analysis – geek00l.blogspot.com/2012/01/large-scale-pcap-analysis.html
It seems that the storage is not much of an issue when it comes to packet capture anymore, looking at terabytes become general everywhere, and many network analysis tools seem to gear toward large scale pcap data analysis, bro-ids has extended their functionality by using tons of community hardware and timemachine to capture and analyze network data, and now I just come to read about people in RIPE NCC are doing this using apache hadoop
- Cheap WiFi Bridge For Pentesting or Otherwise – hackaday.com
Twenty three dollars. That’s all this tiny pen-testing device will set you back. And there really isn’t much to it. [Kevin Bong] came up with the idea to use a Wifi router as a bridge to test a wired network’s security remotely. He grabbed a TP-Link TL-WR703N router, a low-profile thumb drive, and a cellphone backup battery; all cheaply available products.
- Sandia Labs Offers DNSSEC Tool – darkreading.com
A Sandia National Laboratories computer scientist has developed a free visualization tool to help the federal government and other organizations with their Domain Name System Security (DNSSEC) implementations.
Techniques
- Old Meets New: Microsoft Windows SafeSEH Incompatibility – accuvant.com
In recent years, Microsoft has made great strides to improve product security. This momentum can be seen clearly in their investments in security-focused processes, development, and research. The release of anti-exploitation features such as DEP, ASLR, Stack Cookies and SafeSEH are products of their commitment to security.
- Show Me Your SSID’s, I’ll Tell Who You Are – blog.rootshell.be
The idea of this article came from a colleague of mine. He wrote a first version of the script described below. I found it very useful and asked his permission to re-use it and to write this blog article. Thanks to him! In the meantime, during my research, I also found that a friend, Didier Stevens, published on his blog the same kind of script but for an AirCap adapter. Mine uses any adapter capable of being switched to “monitor” mode.
- Introducing Shazzer: A Shared online fuzzer – thespanner.co.uk
I lost inspiration for coding a while ago and had this idea I was sitting on for a while, I’m often stuck at the design stage before I write a line of code and I will refuse to continue without a clear picture in my head on how an app is going to work. After the Christmas break I got my inspiration back and started to formulate pretty quickly how Shazzer might work.
- Hacking MS Access For Fun and Profit – tdsne.blogspot.com
I spent a great many years of my early career making amazing things with MS Access databases and VBA. I’ve lost most of these skills nowadays, but I remember a lot about how things are constructed internally and how I used to go about securing things.
- How To Run Penetration Tests From The Amazon Cloud – Without Getting Into Trouble – community.rapid7.com
This is especially useful since several team members can use the same instance of Metasploit Pro in the cloud at the same time through Metasploit Pro’s web-based user interface, even if team members are working on different projects at the same time.
- Sanitize Input – carnal0wnage.attackresearch.com/2011/12/sanitize-input.html
When application security was still in its infancy, there were discussions on how to protect applications from newly discovered injection vulnerabilities. “Sanitize Input” was a popular solution that rolled off the tongue nicely and was not overly complicated to explain. It was also a very generic solution that would (hopefully) be part of a more complete approach.
Vendor/Software Patches
- Microsoft Security Bulletin January 2012
As I previously mentioned in the Advance Notification Service blog post on Thursday, today we are releasing seven security bulletins, one of which is rated Critical in severity, with the remaining six classified as Important. These bulletins will address eight vulnerabilities in Microsoft products. Customers should plan to install all of these updates as soon as possible.
- January 2012 Security Bulletins Released – blogs.technet.com
- January ’12 MSRT: Win32/Sefnit – blogs.technet.com
- Vulnerability in Windows Kernel Could Allow Security Feature Bypass – technet.microsoft.com
- Vulnerability in Windows Object Packager Could Allow Remote Code Execution – technet.microsoft.com
- Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege – technet.microsoft.com
- Vulnerabilities in Windows Media Could Allow Remote Code Execution – technet.microsoft.com
- Vulnerability in Microsoft Windows Could Allow Remote Code Execution – technet.microsoft.com
- Vulnerability in SSL/TLS Could Allow Information Disclosure – technet.microsoft.com
- Vulnerability in AntiXSS Library Could Allow Information Disclosure – technet.microsoft.com
- Wireshark 1.6.5 and 1.4.11 Released – wireshark.org
Wireshark 1.6.5 and 1.4.11 have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code are now available.
Other News
- Typosquatting social web gains top Alexa ranking – community.websense.com
These are amazing results for fraudulent Web sites, as some of them rank even better than genuine big name portals. In this campaign, the fraudulent sites pretend to be from YouTube, and they try to lure you in by saying you have been selected to complete a survey for a chance to win a gift such as an iPhone 4S. Survey scams were very common in the past year, and were usually spread within social networks like Facebook or Twitter.
- Researchers Find Way To Sniff Corporate Email Via Blackberry Playbook – threatpost.com
Researchers and attackers have had no shortage of mobile platforms and devices to sink their teeth into in recent years, thanks to the explosion of iOS and Android phones and tablets in the consumer and enterprise markets. Now, the spotlight is slowly beginning to turn in the direction of RIM, and specifically its BlackBerry PlayBook tablet.
- Banks Coming Together To Fight Hackers, Prevent Attacks – threatpost.com
Major banks like Morgan Stanley, Goldman Sachs Group and Bank of America are putting together plans to help identify new security threats before they happen, according to a report from the Wall Street Journal this week.
- DiskCrypt Turns Any Laptop Storage Into A Self-Encrypted Drive – arstechnica.com
DiskCrypt takes a similar approach, providing firmware within the enclosure that performs pass-through encryption and decryption. It uses AES encryption, and has a NIST FIPS 140-2 level 1 certified cryptographic module—meaning that it has been certified by the feds for basic information security, but not for classified information, as it’s specifically single-user.
- Researchers Find Sykipot Trojan Variant For Hijacking DoD Smartcards – threatpost.com
The research, published in a blog post Thursday, is the latest by Alien Vault to look at Sykipot, a Trojan horse program known to be used in targeted attacks against defense industrial base (DIB). The new variants, which Alien Vault believes have been circulating since March, 2011, have been used in “dozens of attacks” and contain features that would allow remote attackers to steal smart card credentials and access sensitive information.